On Mon, Jan 08, 2018 at 04:13:42PM +0100, Ed Schouten wrote:
> Hi Andrew,
>
> 2018-01-08 8:37 GMT+01:00 Andrew Turner <and...@fubar.geek.nz>:
> > Won't this lead to a NULL pointer dereference on overflow? mallocarray
> > can return NULL even with M_WAITOK.
>
> Yes, it will, but an overflow shouldn't happen in the first place.
> ri_data_len is compared with UIO_MAXIOV a few lines above. Even if an
> overflow would happen, this would cause a kernel panic due to a NULL
> pointer dereference later on, which is likely easier to debug than
> some piece of code that overruns a buffer.
Given that the overflow is due to a bug, there's an argument we should panic rather than returning NULL even in the M_NOWAIT case so we produce a useful message in exactly the right place.

--
Brooks
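The point the thread turns on is that `nmemb * size` can wrap to a small number, so a plain `malloc(nmemb * size)` hands back a buffer far shorter than the caller believes, whereas an overflow-checked allocator (the kernel's mallocarray(9)) refuses the request outright, returning NULL even when the caller passed M_WAITOK. The following is an added user-space illustration, not code from this thread or from FreeBSD: `product_fits`, `wrapped_product`, `xmallocarray`, `xmallocarray_or_die`, `alloc_bounded` and the `MAX_ELEMS` cap are all hypothetical names for this example. It shows the wrapped product a naive allocation would request, the NULL-returning policy, the panicking alternative Brooks suggests, and a caller that bounds the count first (the role UIO_MAXIOV plays in the code under discussion), which is why Ed says the overflow should not be reachable in the first place.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-call element cap, playing the role of the UIO_MAXIOV
 * bound the thread mentions; the value is an assumption for this example. */
#define MAX_ELEMS 1024

/* Does nmemb * size fit in a size_t?  Division-based check, so it works
 * without compiler builtins and regardless of the width of size_t. */
bool product_fits(size_t nmemb, size_t size)
{
    return nmemb == 0 || size <= SIZE_MAX / nmemb;
}

/* The byte count a naive malloc(nmemb * size) would really request when
 * the product overflows: unsigned multiplication wraps modulo 2^N. */
size_t wrapped_product(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* User-space stand-in for mallocarray(9): NULL if the product overflows,
 * independent of how willing the caller is to wait for memory. */
void *xmallocarray(size_t nmemb, size_t size)
{
    if (!product_fits(nmemb, size))
        return NULL;
    return malloc(nmemb * size ? nmemb * size : 1);
}

/* Panicking variant along the lines Brooks suggests: an overflowing
 * product is a caller bug, so report it at the call site and abort
 * instead of leaving a NULL for some later dereference to trip over. */
void *xmallocarray_or_die(size_t nmemb, size_t size, const char *where)
{
    if (!product_fits(nmemb, size)) {
        fprintf(stderr, "%s: array allocation overflow (%zu * %zu)\n",
                where, nmemb, size);
        abort();
    }
    return xmallocarray(nmemb, size);
}

/* Caller that bounds the element count first, as the code under discussion
 * bounds ri_data_len.  With the cap in place the allocator's overflow path
 * is unreachable for any element size that itself fits in a size_t/MAX_ELEMS.
 * Returns true if the allocation was made (and freed again). */
bool alloc_bounded(size_t nelems, size_t elemsize)
{
    if (nelems > MAX_ELEMS)
        return false;               /* reject before touching the allocator */
    void *p = xmallocarray(nelems, elemsize);
    if (p == NULL)
        return false;
    free(p);
    return true;
}

int main(void)
{
    /* Constructed input: nmemb chosen so nmemb * 16 wraps to exactly 16
     * bytes for both 32-bit and 64-bit size_t. */
    size_t evil = SIZE_MAX / 16 + 2;

    printf("naive malloc would request %zu bytes for %zu elements of 16\n",
           wrapped_product(evil, 16), evil);
    printf("xmallocarray(evil, 16) -> %p\n", xmallocarray(evil, 16));
    printf("alloc_bounded(8, 16) = %d, alloc_bounded(evil, 16) = %d\n",
           alloc_bounded(8, 16), alloc_bounded(evil, 16));
    return 0;
}
```

Either policy is safe against the buffer overrun; the difference the thread debates is only where the failure is reported. Returning NULL leaves the diagnosis to whatever dereferences the pointer later, while aborting at the allocation names the offending size pair at the exact point the bug manifests.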